Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache Traffic Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9516)

Description

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

Remediation

References

Related Vulnerabilities

phpMyFAQ Other Vulnerability (CVE-2006-6913)

WordPress Plugin Visitor Traffic Real Time Statistics Unspecified Vulnerability (2.13)

Atlassian Confluence CVE-2023-22505 Vulnerability (CVE-2023-22505)

Jboss EAP Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-10212)

Collabtive Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-5285)

Severity

Medium

Classification

CVE-2019-9516 CWE-770 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities